This is a note to let you know that I've just added the patch titled mei: nfc: fix memory leak in error path to the 3.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: mei-nfc-fix-memory-leak-in-error-path.patch and it can be found in the queue-3.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 8e8248b1369c97c7bb6f8bcaee1f05deeabab8ef Mon Sep 17 00:00:00 2001 From: Alexander Usyskin <alexander.usyskin@xxxxxxxxx> Date: Tue, 12 Aug 2014 18:07:57 +0300 Subject: mei: nfc: fix memory leak in error path From: Alexander Usyskin <alexander.usyskin@xxxxxxxxx> commit 8e8248b1369c97c7bb6f8bcaee1f05deeabab8ef upstream. NFC will leak buffer if send failed. Use single exit point that does the freeing Signed-off-by: Alexander Usyskin <alexander.usyskin@xxxxxxxxx> Signed-off-by: Tomas Winkler <tomas.winkler@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/misc/mei/nfc.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) --- a/drivers/misc/mei/nfc.c +++ b/drivers/misc/mei/nfc.c @@ -342,9 +342,10 @@ static int mei_nfc_send(struct mei_cl_de ndev = (struct mei_nfc_dev *) cldev->priv_data; dev = ndev->cl->dev; + err = -ENOMEM; mei_buf = kzalloc(length + MEI_NFC_HEADER_SIZE, GFP_KERNEL); if (!mei_buf) - return -ENOMEM; + goto out; hdr = (struct mei_nfc_hci_hdr *) mei_buf; hdr->cmd = MEI_NFC_CMD_HCI_SEND; @@ -354,12 +355,9 @@ static int mei_nfc_send(struct mei_cl_de hdr->data_size = length; memcpy(mei_buf + MEI_NFC_HEADER_SIZE, buf, length); - err = __mei_cl_send(ndev->cl, mei_buf, length + MEI_NFC_HEADER_SIZE); if (err < 0) - return err; - - kfree(mei_buf); + goto out; if (!wait_event_interruptible_timeout(ndev->send_wq, ndev->recv_req_id == ndev->req_id, HZ)) { @@ -368,7 +366,8 @@ static int mei_nfc_send(struct mei_cl_de } else { ndev->req_id++; } - +out: + kfree(mei_buf); return err; } Patches currently in stable-queue which might be from alexander.usyskin@xxxxxxxxx are queue-3.16/mei-fix-return-value-on-disconnect-timeout.patch queue-3.16/mei-nfc-fix-memory-leak-in-error-path.patch queue-3.16/mei-reset-client-state-on-queued-connect-request.patch queue-3.16/mei-start-disconnect-request-timer-consistently.patch queue-3.16/mei-don-t-schedule-suspend-in-pm-idle.patch queue-3.16/mei-reset-client-connection-state-on-timeout.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html